The Cyber Crime Hall of Fame 145
DigitalDame2 writes "Not all hackers are bad guys, but a few fall prey to the dark side and use their talents for evil — not good. In compiling this list of the craziest cyber crimes, PC Mag looked for a few things: ingenuity (had it been done before?), scope (how many computers, agencies, companies, sites, etc. did it affect?), cost (how much in monetary damages did it cause?), and historical significance (did it start a new trend?). Read on about famous hackers John Draper, Robert Morris, Kevin Poulsen, and others."
Balls (Score:2, Interesting)
Unsolved Cyber Crime (Score:5, Interesting)
history be judge (Score:5, Interesting)
I agree with them as far as the "historic significance" goes. For the more recent ones, I'm not so sure. Maybe that's because most of those who actually did it first weren't caught. But the most important trends at this time are stuff like organized crime, spam (and the connection between the two) and extortion. The singular trend behind all these is that those early guys were curious people who did things "because they can", as the article states. But they're dinosaurs today. Money is the reason these days, not curiosity. To miss that one vital trend is to miss everything that's happened in security for the past years.
TFA is wrong (Score:5, Interesting)
"Though charged and convicted in the U.K., McKinnon is currently facing extradition to the U.S., which could mean up to 70 years in prison."
McKinnon was never convicted in the UK. IIRC the Computer Misuse act hadn't been passed then. See here: http://www.theregister.co.uk/2008/08/28/mckinnon_european_appeal_rejected/
He's currently being extradited under the disgraceful one sided treaty where we (i.e. British) hand over anyone the USA asks for without the need to demonstrate a primae facia case.
That'll be the special relationship where we bend over and USA screws us.
Robert Morris' Worm (Score:5, Interesting)
<GrayBeardMode> I was working at PR1ME when the Morris Worm hit. Nobody really new what was going on at first. Then word was getting out that there was something running rampant over the internet and our feed was taken down. Later it was learned that our systems had the wrong architecture and we were safe from the attack, but the impact on the net was so great that everything was glacially slow. </GrayBeardMode>
There's a great write-up by Don Seeley, Department of Computer Science, University of Utah that (as posted by Francis Litterio). (I used to work with Fran - Hi there!) Anyway, the link to it from wikipedia (Morris Worm [wikipedia.org]) is broken, but I found a copy in Google's cache at "A Tour of the Worm" [64.233.169.104]. There are other links available (e.g. to a pdf) if you search Google for this title, but I don't want to unnecessarily bog down someone's server. Highly recommended!!
They missed Jeffery Ward, the first one (Score:5, Interesting)
They missed Jeffery Ward [google.com], the first person to do jail time for computer crime.
This was the stone age of computer crime. Ward was convicted of grand theft for stealing a proprietary plotting program from ISD for the benefit of his employer, UCC. One of UCC's customers. Shell, was also an ISD customer, and they had a remote terminal, a UNIVAC 1004, with a card reader, printer, (optional) card punch, and 2400 baud synchronous modem. The customer used the same terminal ID (wired into a plugboard; there weren't really passwords then) to use both UCC and ISD. Ward used a similar terminal at UCC to impersonate the customer's terminal and connect to ISD. Then he submitted a job (on punched cards!) to request that the binary for the plotting program be sent to his terminal and punched on the card punch.
And that's his plan started looking like "America's Dumbest Criminals". The customer terminal he was impersonating didn't have a card punch. So the ISD computer instead punched the desired card deck on a punch in ISD's computer room, and printed a message for the operator indicating who wanted the card deck. The card deck was then packaged up by ISD staff and mailed to Shell.
The package was received at Shell. Since they hadn't ordered it, they sent it back to ISD with a request for a refund. The ISD staff took a look at the card deck, and after some puzzlement, someone realized what it was.
It took a while to figure out what was going on, but the Alameda County DA's office and the Oakland police were brought in, and the first search warrant ever for the search of a computer was issued, to be served on UCC. Nobody was really sure how to do this, but an outside consultant with UNIVAC experience was brought in for the search.
So the big day came. Oakland cops, an assistant DA, and the UNIVAC expert show up at the front door of UCC in Oakland. It's not clear that a search would have found anything; most data back then was on magnetic tape, and the UCC data center had thousands of reels of tape. However, Ward was in the building at the time, and he decided to grab all the incriminating material and duck out the back door.
Big mistake for Ward. Cops know about covering the back door. Ward was quickly arrested, and since he had all the incriminating data, the search was unnecessary and Ward was carted off to jail.
There was a later civil settlement between UCC and ISD. ISD got four tape drives and a "CTMC", a 32-line async port controller. (This was a truckload of 1970s technology.) I worked for ISD when that gear arrived, and it was not in good shape, but we got it working.
An amusing bit of trivia about Mitnick (Score:5, Interesting)
One of Mitnick's first arrests (as an adult) resulted from his breaking into The Santa Cruz Operation. Yes, that S.C.O..
The reason he got caught was because SCO thought it was their competition who was breaking in.
It took an extremely motivated effort to track him down, due to the way the Telco's worked at the time, and Mitnick knew it. What he didn't know was that SCO was very determined (for the wrong reason).
Note that, contrary to all the published nonsense out there, Mitnick was NEVER prosecuted for breaking into SCO. They were afraid of pressing charges. He was nailed because SCO's competition wasn't afraid to press charges.
Re:Unsolved Cyber Crime (Score:5, Interesting)
Explanation of MafiaBoy (Score:4, Interesting)
MafiaBoy At the time of his hack, Mike Calce could only be referred to as MafiaBoy since Canadian laws prevented news outlets from releasing the name of the then teenage super hacker. In February 2000, Calce launched a denial-of-service attack that struck 11 major Web companiesâ"including Amazon, eBay, E*TRADE, and Dellâ"via 75 computers on 52 networks. While there's no hard data to quantify how much monetary damage was done, analyst estimates range as high as $1.7 billion Canadian (that's currently about $1.6 billion U.S). When tried in 2001, Calce was handed a sentence of eight months "open custody," limited Internet use, a small fine, and one year of probation. Ranks For: Scope, Cost
He basically found out how to do a DDOS, which was the first of it's kind. Before that, the main exploits ranged from SMURF.c to PEPSI.c to SLICE3.c (for some reason they were a lot of soft drink names). MafiaBoy went into an irc channel (I am omitting the name) bragging about how he could "down" anything. A few suggestions were made for what at the time were the biggest sites on the web. Once he packeted one, the spectators were unsure that it was really him until he made large website after large website a "404". The rest is history.
Re:The dollar value of a human life? (Score:1, Interesting)
Agreed - and furthermore, it bugs me to no end how now that "terrorism" is the evil du jour, the slack-jawed masses are trying to re-define everything as terrorism.
Call me crazy, but I've always thought that terrorism should involve - you know - actual terror. When someone hacks a website, I may feel annoyance, but I'm not exactly terrified. Ditto when someone pulls a prank, steals an item, or generally acts in some other socially inappropriate manner. Criminal, perhaps; terroristic, not necessarily.
Just my 2c.
-CheckBit
Re:Anyone see something WRONG here? (Score:3, Interesting)